APPENDIX A
CLAIMS 

Claim 1. (Currently Amended) A method for achieving client to server end to end security
guarantees, comprising:

providing a secure communication between a client and a server employing an untrusted
proxy by means of:

employing said proxy between a said client and a said server to provide connection links
between said client and said server;

embedding a secure coprocessor for use as an agent of said client and/or said
server which assures that said proxy cannot tamper with the functioning of said agent, said
agent being a software program or hardware logic operating within the confines of said
coprocessor;

said proxy receiving a specific communication request from said client;

said coprocessor is located at the site of said proxy and: (a) acts as a converter between at
least one protocol said client supports, and at least one other protocol supported by said
server, (b) guarantees that an application embedded in said coprocessor performs to a
degree of security proscribed by said client and/or said server;

said proxy forming an n-tuple for a specific communication;
said proxy forwarding said n-tuple to said coprocessor;
said coprocessor generating a response, including a directive to said n-tuple;
said coprocessor sending said response to said proxy and
said proxy implementing a directive; and

employing the respective security protocols of said at least one protocol and said at least
one other protocol.

Claims 2-4 (Canceled) 

Claim 5 (Previously presented) A method as recited in claim 1 wherein the client is a pervasive 
computing device. 

Claim 6 (Previously presented) A method as recited in claim 5 further comprising the step of
adapting content supplied by the client to fit constraints of the server and/or the connection links.

Claim 7 (Currently Amended) A method for providing secure communications on a network, the
method comprising:

providing a secure communication between a client and a server employing an untrusted proxy by
means of:

employing said proxy between a said client and a said server to provide connection links
between said client and said server;

embedding a secure coprocessor for use as an agent of said client and/or said
server which assures that said proxy cannot tamper with the functioning of said agent,
said agent being a software program or hardware logic operating within the confines of
said coprocessor;

said proxy receiving a specific communication request from said client;

said coprocessor is located at the site of said proxy and: (a) acts as a converter between at
least one protocol said client supports, and at least one other protocol supported by said
server, (b) guarantees that an application embedded in said coprocessor performs to a
degree of security proscribed by said client and/or said server;

said proxy forming an n-tuple for a specific communication;
said proxy forwarding said n-tuple to said coprocessor;
said coprocessor generating a response, including a directive to said n-tuple;
said coprocessor sending said response to said proxy and
said proxy implementing a directive; and

employing the respective security protocols of said at least one protocol and said at least
one other protocol;

splicing a plurality of secure communication protocols of different protocol suites into the
agent, wherein the step of splicing a plurality of secure communication protocols includes
splicing a security protocol of a Wireless Application Protocol Suite (WAP) to that of an
Internet Protocol (IP) device.
Claim 8 (Canceled) A method as recited in claim 7 wherein the step of splicing includes splicing a
security protocol of a Wireless Application Protocol Suite (WAP) to that of an Internet Protocol
(IP) device.

Claim 9 (Currently Amended) A method as recited in claim 7 wherein the Wireless Application
Protocol suite is used by a pervasive computing device.

Claim 10 (Currently Amended) A method as recited in claim 9 further comprising the agent
performing at least one content adaptation function.

Claim 11 (Previously presented) A method as recited in claim 10, wherein the step of performing
includes maintaining communication privacy. 

Claim 12 (Currently Amended) A method as recited in claim 10, further comprising maintaining
a state of splicing process resulting from the step of splicing.

Claim 13 (Previously presented) A method as recited in claim 12, wherein the step of maintaining 
includes employing a storage device external to the proxy, and using cryptographic means to 
encrypt the state. 

Claim 14 (Canceled) A method for providing network security to a network employing a proxy, 
the method comprising: 

embedding a trusted application in a secure coprocessor located at the site of a proxy; and 
delegating to a network infrastructure a task of enforcing a trust model. 

Claim 15 (Canceled) A method as recited in claim 14, further comprising guaranteeing that the
application is trusted to enforce the trust model between at least one server and a plurality of
clients.
Claim 16 (Canceled) A method as recited in claim 14, further comprising assuring the tamper
resistance of the application. 

Claim 17 (Previously presented) A method for secure communication between a client and a
server employing an untrusted proxy, the method comprising:
embedding a coprocessor at the proxy; 

the proxy receiving a specific communication request from a client; 

the proxy forming an n-tuple for the specific communication; 

the proxy forwarding the n-tuple to the coprocessor; 

the coprocessor generating a response, including a directive, to the n-tuple; 

the coprocessor sending the response to the proxy, and 

the proxy implementing the directive. 

Claim 18 (Previously presented) A method of claim 17, wherein the coprocessor is a secure
coprocessor. 



Claim 19 (Previously presented) A method of claim 17, wherein the step of receiving includes: 
awaiting a connection request from a client; 
creating an entry in a storage module for the client; 
determining a sender of each received packet; and 
retrieving a stored entry. 

Claim 20 (Previously presented) A method of claim 19, wherein the n-tuple includes a sender id, 
an entry from a storage module and the received packet. 

Claim 21 (Previously presented) A method of claim 17, wherein the client and the server can be
either a sender or a receiver, and the step of generating includes employing a first protocol from 
the sender to the proxy and a second protocol from the proxy to the receiver and translating 
between the first and second protocols. 
Claim 22 (Previously presented) A method of claim 21, wherein the translating includes
decrypting the received packet as specified by the security parameters negotiated as per the first 
protocol and encrypting the decrypted packet as specified by the security parameters of the second 
protocol. 

Claim 23 (Previously presented) A method of claim 21, wherein the translating includes 
modifying the received packet to meet constraints of the receiver and wherein the directive 
includes forwarding to the receiver the packet resulting from the step of modifying. 

Claim 24 (Previously presented) A method as recited in claim 23, further comprising aggregating 
a plurality of packets into a group of packets and performing content adaptation on the group of 
packets. 

Claim 25 (Previously presented) A method of claim 17, wherein the communication between the
client and the proxy employs protocols specified by the Wireless Application Protocol suite
(WAP).

Claim 26. (Currently Amended) A system to control security of a proxy interconnecting a
client to a server, comprising:

providing a secure communication between a client and a server employing an untrusted proxy by
means of:

employing said proxy between a said client and a said server to provide connection links
between said client and said server;

embedding a secure coprocessor for use as an agent of said client and/or said
server which assures that said proxy cannot tamper with the functioning of said agent, said
agent being a software program or hardware logic operating within the confines of said
coprocessor;

said proxy receiving a specific communication request from said client;

said coprocessor is located at the site of said proxy and: (a) acts as a converter between at
least one protocol said client supports, and at least one other protocol supported by said
server, (b) guarantees that an application embedded in said coprocessor performs to a
degree of security proscribed by said client and/or said server;

said proxy forming an n-tuple for a specific communication;
said proxy forwarding said n-tuple to said coprocessor;
said coprocessor generating a response, including a directive to said n-tuple;
said coprocessor sending said response to said proxy and
said proxy implementing a directive; and

employing the respective security protocols of said at least one protocol and said at least
one other protocol;

said secure coprocessor, being used as an agent of the client and/or a server, said secure
coprocessor being located at the site of said proxy; said agent being a software program or
hardware logic operating within the confines of said coprocessor and

an application embedded in said secure coprocessor which acts as a converter between at
least one protocol said client supports and at least one other protocol supported by said server,
wherein said secure coprocessor employs respective security protocols of said at least one
protocol and said at least one other protocol; said secure coprocessor also assuring that said proxy
cannot tamper with the functioning of said agent, and guaranteeing that an application embedded
in said coprocessor performs to a degree of security proscribed by said client and/or said server.

Claims 27 - 29 (Canceled) 

Claim 30 (Previously presented) A system as recited in claim 26, wherein the application 
embedded in the coprocessor adapts content supplied by the server to fit constraints of the client 
and the connection links. 

Claim 31 (Previously presented) A system as recited in claim 30 wherein the application
embedded in the coprocessor adapts content supplied by the client to fit constraints of the server 
and the connection links. 

Claim 32 (Canceled) A system for providing network security to a network employing a proxy, 
the system comprising: 

a secure coprocessor located at the site of a proxy; and 

a trusted application embedded in the coprocessor wherein the coprocessor delegates the 
task of enforcing an arbitrary trust model to the application. 

Claim 33 (Canceled) A system as recited in claim 32, wherein the coprocessor functions to 
guarantee that the application is trusted to enforce the trust model between at least one server and 
a plurality of clients. 

Claim 34 (Canceled) A system as recited in claim 32, wherein the coprocessor functions to 
assure the tamper resistance of the application. 

Claim 35. (Currently Amended) An article of manufacture comprising a computer usable
medium having computer readable program code means embodied therein for achieving client to
server end to end security guarantees, the computer readable program code means in said article of
manufacture comprising computer readable program code means for causing a computer to effect:

employing a proxy between a client and a server to provide connection links between said
client and said server;

providing a secure communication between a client and a server employing an untrusted
proxy by means of:

embedding a secure coprocessor for use as an agent of said client and/or said
server which assures that said proxy cannot tamper with the functioning of said agent, said
agent being a software program or hardware logic operating within the confines of said
coprocessor;

said proxy receiving a specific communication request from said client;

said coprocessor is located at the site of said proxy and: (a) acts as a converter between at
least one protocol said client supports, and at least one other protocol supported by said
server, (b) guarantees that an application embedded in said coprocessor performs to a
degree of security proscribed by said client and/or said server;

said proxy forming an n-tuple for a specific communication;
said proxy forwarding said n-tuple to said coprocessor;
said coprocessor generating a response, including a directive to said n-tuple;
said coprocessor sending said response to said proxy and
said proxy implementing a directive; and

employing the respective security protocols of said at least one protocol and said at least
one other protocol.

Claim 36 (Previously presented) An article of manufacture as recited in claim 35, the computer 
readable code means in said article of manufacture further comprising computer readable program 
code means for causing a computer to effect the coprocessor assuring that the proxy can not 
tamper with the functioning of the agent. 

Claim 37 (Canceled) 
Claim 38. (Currently Amended) An article of manufacture comprising a computer usable
medium having computer readable program code means embodied therein for achieving client to
server end to end security guarantees, the computer readable program code means in said article of
manufacture further comprising computer readable program code means for causing a computer to
effect:

employing a proxy between a client and a server to provide connection links between said
client and said server;

embedding a secure coprocessor for use as an agent of said client and/or said
server which assures that said proxy cannot tamper with the functioning of said agent, said
agent being a software program or hardware logic operating within the confines of said
coprocessor;

said coprocessor is located at said proxy site and: (a) acts as a converter between at least
one protocol said client supports, and at least one other protocol supported by said server,
(b) adapts content supplied by said server to fit constraints of said client and/or connection
links;

employing the respective security protocols of said at least one protocol and said at least
one other protocol.
Claim 39. (Previously presented) An article of manufacture comprising a computer usable
medium having computer readable program code means embodied therein for achieving client to 
server end to end security guarantees, the computer readable program code means in said article of 
manufacture further comprising computer readable program code means for causing a computer to 
effect: 

employing a proxy between a client and a server to provide connection links between said 
client and said server; 

embedding a secure coprocessor for use as an agent of said client and/or said 
server; 

said coprocessor is located at said proxy site and: (a) acts as a converter between at least 
one protocol said client supports, and at least one other protocol supported by said server, 
(b) assures that said proxy cannot tamper with the functioning of said agent, and (c) adapts
content supplied by said server to fit constraints of said server and connection links; 

employing the respective security protocols of said at least one protocol and said at least 
one other protocol . 

Claim 40. (Previously Presented) A computer program product comprising a computer 
usable medium having computer readable program code means embodied therein for providing 
secure communication on a network, the computer readable program code means in said 
computer program product comprising computer readable program code means for causing a 
computer to effect: 

securely embedding an agent at the site of a proxy in the network, and 

splicing a security protocol of a Wireless Applications Protocol suite (WAP) to that of the 
Internet Protocol (IP) suite. 
Claim 41 (Canceled)

Claim 42 . (Canceled) A computer program product comprising a computer usable medium 
having computer readable program code means embodied therein for providing secure 
communication on a network, the computer readable program code means in said computer 
program product comprising computer readable program code means for causing a computer to 
effect: 

securely embedding an agent at a proxy in the network, and 

splicing a plurality of secure communication protocols of different protocol suites into said 
agent, wherein said splicing includes maintaining end to end security guarantees at said 
server. 

Claim 43. (Canceled) A computer program product comprising a computer usable medium
having computer readable program code means embodied therein for providing secure 
communication on a network, the computer readable program code means in said computer 
program product further comprising computer readable program code means for causing a 
computer to effect:

securely embedding an agent at a proxy in the network, and 

said agent performing at least one content adaptation function; 

splicing a plurality of secure communication protocols of different protocol suites into said 
agent. 
Claim 44. (Previously presented) A computer program product comprising a computer
usable medium having computer readable program code means embodied therein for providing 
secure communication on a network, the computer readable program code means in said 
computer program product further comprising computer readable program code means for causing 
a computer to effect:

securely embedding an agent at a proxy in the network, and 

splicing a plurality of secure communication protocols of different protocol suites into said 
agent; 



maintaining a state of said splicing process resulting from said step of splicing, wherein 
said step of maintaining includes employing a storage device external to said proxy, and 
using cryptographic means to encrypt the state of a splicing process resulting from the step 
of splicing. 

Claim 45 (Canceled) 

Claim 46 (Canceled) A computer program product comprising a computer usable medium having 
computer readable program code means embodied therein for providing network security to a 
network employing a proxy, the computer readable program code means in said computer 
program product comprising computer readable program code means for causing a computer to 
effect the steps of:

embedding a trusted application in a secure coprocessor located at the site of a proxy; and 
delegating to a network infrastructure a task of enforcing a trust model. 
Claim 47 (Canceled) A computer program product as recited in claim 46, the computer readable
program code means in said computer program product further comprising computer readable 
program code means for causing a computer to effect the step of guaranteeing that the application 
is trusted to enforce the trust model between at least one server and a plurality of clients. 

Claim 48 (Canceled) A computer program product as recited in claim 46, the computer readable 
program code means in said computer program product further comprising computer readable 
program code means for causing a computer to effect the step of assuring the tamper resistance of 
the application. 

Claim 49 (Previously presented) A program storage device readable by machine, tangibly 
embodying a program of instructions executable by the machine to perform method steps for 
secure communication between a client and a server employing an untrusted proxy, said method 
steps comprising: 

embedding a coprocessor at the proxy; 

the proxy receiving a specific communication request from a client; 

the proxy forming an n-tuple for the specific communication; 

the proxy forwarding the n-tuple to the coprocessor; 

the coprocessor generating a response, including a directive, to the n-tuple; 

the coprocessor sending the response to the proxy, and 

the proxy implementing the directive. 

Claim 50 (Previously presented) A program storage device readable by machine as recited in 
claim 49, wherein the coprocessor is a secure coprocessor. 
Claim 51 (Previously presented) A program storage device readable by machine as recited in
claim 49, wherein the step of receiving includes: 

awaiting a connection request from a first client; 

creating an entry in a storage module for the client; 

determining a sender of each received packet; 

retrieving a stored entry. 

Claim 52 (Previously Presented) A program storage device readable by machine as recited in 
claim 49, wherein the n-tuple includes a sender id, an entry from a storage module and the 
received packet. 

Claim 53 (Previously Presented) A program storage device readable by machine as recited in 
claim 49, wherein the client and the server can be either a sender or a receiver, and the step of 
generating includes employing a first protocol from the sender to the proxy and a second protocol 
from the proxy to the receiver and translating between the first and second protocols. 

Claim 54 (Previously Presented) A program storage device readable by machine as recited in 
claim 49, wherein the translating includes decrypting the received packet as specified by the 
security parameters negotiated as per the first protocol and encrypting the decrypted packet as 
specified by the security parameters of the second protocol. 

Claim 55 (Previously Presented) A program storage device readable by machine as recited in 
claim 49, wherein the translating includes modifying the received packet to meet constraints of 
the receiver and wherein the directive includes forwarding to the receiver the packet resulting 
from the step of modifying. 

Claim 56 (Previously Presented) A program storage device readable by machine as recited in 
claim 55, said method steps further comprising the step of aggregating a plurality of packets into a 
group of packets and performing content adaptation on the group of packets. 
Claim 57 (Previously Presented) A program storage device readable by machine as recited in
claim 49, wherein the communication between the client and the proxy employs protocols
specified by the Wireless Application Protocol suite (WAP).

Claim 58 (Previously presented) A method as recited in claim 1, further comprising the step of the
coprocessor adapting content supplied by the server to fit constraints of the client and/or the
connection links.

Claim 59. (Previously presented) A method as recited in claim 7, wherein the splicing includes 
maintaining end to end security guarantees without a modification to a server involved in the 
communication. 